Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: Is there a security vulnerability in Ubuntu Updater?

  1. #11
    Join Date
    Feb 2006
    Location
    Winkler, MB., CA
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is there a security vulnerability in Ubuntu Updater?

    Quote Originally Posted by ian-weisser View Post
    "Not always the case" is a big vague.
    Are you saying that updates sometimes download with error?
    Or are you saying that updates don't download every day? (hint: expected behavior)
    Or are you saying something else?
    Some days I get a lot of "hash sum mismatch" errors when I run "sudo apt-get update" with the apt-transport-tor and apt-transport-https installed and configured correctly.
    Yesterday I got two segmentation faults core dumped, when running this command. I sent one error report but am not sure it will arrive where it is supposed to go.

  2. #12
    Join Date
    Jul 2013
    Location
    Wisconsin
    Beans
    4,520

    Re: Is there a security vulnerability in Ubuntu Updater?

    If you use ordinary insecure http, do you still get hash mismatch errors?
    Hash mismatches in apt do happen occasionally, and are easily fixed.

  3. #13
    Join Date
    Feb 2006
    Location
    Winkler, MB., CA
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Is there a security vulnerability in Ubuntu Updater?

    Quote Originally Posted by ian-weisser View Post
    If you use ordinary insecure http, do you still get hash mismatch errors?
    Hash mismatches in apt do happen occasionally, and are easily fixed.
    Today i tried to update and did still have hash sum mismatch errors with apt-transport-https.
    When i run "sudo apt-get dist-upgrade" I got this:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    The following package was automatically installed and is no longer required:
    libappstream3
    Use 'sudo apt autoremove' to remove it.
    The following NEW packages will be installed:
    libappstream4 libstemmer0d
    The following packages will be upgraded:
    appstream libarchive13
    2 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 529 kB of archives.
    After this operation, 1,047 kB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    WARNING: The following packages cannot be authenticated!
    libappstream4 appstream libarchive13
    Install these packages without verification? [y/N] n
    E: Some packages could not be authenticated
    These above packages are related to the segmentation fault when the core was dumped yesterday. But the packages are unverifiable.
    /var/crash/_usr_bin_appstreamcli.0.crash
    Post Script: Today i tried it without https repositories and it worked without errors today. So far. And I know the https repos I was using support https. Also the one package it installed was unrelated to all the above listed ones.
    Last edited by Floppyjoe; May 1st, 2017 at 07:44 PM.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •